package com.salmon.security.core.authorization.impl;

import com.salmon.security.core.authorization.AuthorizeConfigManager;
import com.salmon.security.core.authorization.AuthorizeConfigProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.stereotype.Component;

import java.util.List;

@Component
public class SalmonAuthorizeConfigManager implements AuthorizeConfigManager {

    @Autowired
    private List<AuthorizeConfigProvider> authorizeConfigProviders;

    @Override
    public void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
        for (AuthorizeConfigProvider authorizeConfigProvider : authorizeConfigProviders) {
            authorizeConfigProvider.config(config);
        }
        //在RBAC模型中使用的时候不需要下面这个设置，需要删除，所有的最终请求得交给RBAC模型进行判断
        //TODO 在APP环境下 请注入 AnyRequestAuthenticatedAuthorizeConfigProvider
        //config.anyRequest().authenticated();
    }
}
